[Secure-testing-commits] r30300 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Tue Nov 25 10:20:55 UTC 2014
Author: jmm
Date: 2014-11-25 10:20:55 +0000 (Tue, 25 Nov 2014)
New Revision: 30300
Modified:
data/CVE/list
Log:
various ruby updates
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-11-25 10:19:51 UTC (rev 30299)
+++ data/CVE/list 2014-11-25 10:20:55 UTC (rev 30300)
@@ -2851,9 +2851,9 @@
CVE-2014-8090 [Incomplete fix for CVE-2014-8080]
RESERVED
{DLA-88-1}
- - ruby1.8 <removed>
- - ruby1.9.1 <removed>
- - ruby2.0 <removed>
+ - ruby1.8 <not-affected> (Incomplete fix never relesed for 1.9)
+ - ruby1.9.1 <not-affected> (Incomplete fix never relesed for 1.9)
+ - ruby2.0 <not-affected> (Incomplete fix never relesed for 1.9)
- ruby2.1 <unfixed>
NOTE: As it is for the incomplete fix for CVE-2014-8090 might only apply to ruby2.1
NOTE: which already had an update.
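Review bot: The reason on the three added lines is misspelled ("relesed") and says "for 1.9" on the ruby1.8 and ruby2.0 entries as well as on ruby1.9.1, so it reads as copied rather than written per package. Suggest giving each line a reason for its own package, with "released" spelled out. The unchanged NOTE below them also says "incomplete fix for CVE-2014-8090", while the entry header names CVE-2014-8080 as the incompletely fixed issue; worth correcting while this entry is being touched.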
@@ -2879,7 +2879,6 @@
- ruby2.1 2.1.4-1
NOTE: https://www.ruby-lang.org/en/news/2014/10/27/rexml-dos-cve-2014-8080/
NOTE: http://svn.ruby-lang.org/cgi-bin/viewvc.cgi/?pathrev=48161
- TODO: check (and if complete set of ruby versions)
CVE-2014-8079 (Cross-site scripting (XSS) vulnerability in the MAYO theme 7.x-1.x ...)
NOT-FOR-US: Drupal theme MAYO
CVE-2014-8078 (Cross-site scripting (XSS) vulnerability in the Print (aka Printer, ...)
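Review bot: The TODO line ("check (and if complete set of ruby versions)") is removed without recording what the check found. This hunk adds or changes no package line, so a reader cannot tell from the entry whether the set of ruby versions was confirmed complete. Suggest replacing the TODO with a short NOTE stating the outcome instead of deleting it silently.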
@@ -10093,9 +10092,7 @@
- drupal7 7.29-1 (bug #755038)
NOTE: https://www.drupal.org/SA-CORE-2014-003
CVE-2014-4975 (Off-by-one error in the encodes function in pack.c in Ruby 1.9.3 and ...)
- - ruby1.8 <removed> (low)
- [wheezy] - ruby1.8 <no-dsa> (Minor issue)
- [squeeze] - ruby1.8 <not-affected> (Vulnerable code not present in 1.8.7)
+ - ruby1.8 <not-affected> (Vulnerable code not present in 1.8)
- ruby1.9.1 <removed> (low)
[wheezy] - ruby1.9.1 <no-dsa> (Minor issue)
- ruby2.0 <removed> (low)
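Review bot: Collapsing the three ruby1.8 lines into one <not-affected> drops the "[wheezy] - ruby1.8 <no-dsa> (Minor issue)" line, which had treated wheezy's ruby1.8 as affected, and widens the stated reason from "1.8.7" to "1.8". The commit log ("various ruby updates") gives no basis for that status change. Suggest adding a NOTE with the evidence that the vulnerable code is absent from the 1.8 version in wheezy as well as squeeze.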
@@ -37016,6 +37013,7 @@
- ruby1.9.1 1.9.3.448-1 (low)
[wheezy] - ruby1.9.1 <no-dsa> (Minor issue)
- ruby1.8 <not-affected> (Only affects 1.9 and 2.x)
+ NOTE: http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=40732
CVE-2013-2064 (Integer overflow in X.org libxcb 1.9 and earlier allows X servers to ...)
{DSA-2686-1}
- libxcb 1.8.1-2+deb7u1
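Review bot: The added NOTE uses the "viewvc.cgi?view=revision&revision=40732" URL form, while the existing ruby NOTE earlier in this diff uses "viewvc.cgi/?pathrev=48161". Suggest settling on one viewvc form for revision references so entries stay consistent and easy to grep. The NOTE also gives a bare link with no words saying what the revision is; a short description next to the URL would save the reader a lookup.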